Traefik: Path-Based Routing Bypass via URL Encoding - Proactive Insights and Support For Open-Source Applications

In Traefik versions 2.11.24 and prior, 3.4.0 and prior a low severity vulnerability CVE-2025-47952 was detected. This vulnerability allows attackers to bypass the middleware chain and target unintended backends by exploiting URL-encoded strings in the request path when PathPrefix, Path, or PathRegex matchers are used. To address this issue, users should upgrade to versions 2.11.25, 3.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47952.